Distributing keys to client machines
1. Configure the hosts file
cat /etc/ansible/hosts
[test]
192.168.10.101 ansible_user=root ansible_ssh_pass='123456'
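Here I use the root user with the password 123456. Once the user name and password are configured here, the control machine can access the client machine. For security, however, the user and pass entries here should be deleted once key distribution is finished.
2. Configure the key on the control machine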
[root@Server .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7sOnF9YRv5FJ31PIfCNeW7p2IMKvIX6nKHnPuvgmeOw root@Server.ifeng.com
The key's randomart image is:
+---[RSA 2048]----+
| o . |
| ..=o+|
| . .+o**|
| o o.Boo|
| S + o =.|
| .. + o + .|
| o +.o + . . |
| . *o*o= . |
| oE*BX+o |
+----[SHA256]-----+
[root@Server salt]# ll /root/.ssh/
total 8
-rw------- 1 root root 668 May 22 21:46 id_dsa
-rw-r--r-- 1 root root 611 May 22 21:46 id_dsa.pub
3. Distribute the key to the client machines
[root@Server playbooks]# cat push.ssh.ymal
- hosts: test
  user: root
  tasks:
    - name: ssh-copy
      authorized_key: user=root key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      tags:
        - sshkey
[root@Server playbooks]# ansible-playbook push.ssh.ymal
PLAY [test] ************************************************************

TASK [Gathering Facts] *************************************************
ok: [192.168.10.101]

TASK [ssh-copy] ********************************************************
changed: [192.168.10.101]

PLAY RECAP *************************************************************
192.168.10.101 : ok=2 changed=1 unreachable=0 failed=0
The playbook's authorized_key module is used here to distribute the key; playbooks themselves are covered later.
4. Remove user and pass from hosts and test the client
[root@Server playbooks]# cat /etc/ansible/hosts |grep test -A 2
[test]
#192.168.10.101 ansible_user=root ansible_ssh_pass='123456'
192.168.10.101
[root@Server playbooks]# ansible all -m command -a "w"
192.168.10.101 | SUCCESS | rc=0 >>
 23:41:49 up 4 days, 4:49, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.10.1 21:47 4:53 0.19s 0.04s -bash
root pts/1 192.168.10.100 23:41 0.00s 0.24s 0.17s
At this point, distributing the key to the client through ansible is complete.
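An added example, not part of the original post: a Python check that scans an INI-style inventory for password variables. It also reports commented-out entries, because a host line disabled with # (as in the step 4 output) still leaves the password readable in /etc/ansible/hosts. The names audit_inventory, BEFORE and AFTER are made up for this illustration, and the sample inventories are constructed from the hosts lines shown above.

```python
import shlex

# Inventory variables that hold a login or privilege-escalation password.
PASSWORD_VARS = {"ansible_ssh_pass", "ansible_password",
                 "ansible_become_pass", "ansible_become_password"}

def _is_plaintext(key, value):
    """True when key is a password variable set to a literal (non-templated) value."""
    value = value.strip().strip("'\"")
    return key.strip() in PASSWORD_VARS and bool(value) and not value.startswith("{{")

def audit_inventory(text):
    """Find plaintext passwords in an INI-style Ansible inventory.
    Returns (line_number, state, subject, variable); state is "active" or
    "commented" (a commented-out secret is still readable in the file)."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line, state = raw.strip(), "active"
        if line[:1] in ("#", ";"):
            line, state = line.lstrip("#; \t"), "commented"
        if not line:
            continue
        if line.startswith("["):
            if state == "active":
                section = line.strip("[]")
            continue
        if section and section.endswith(":vars"):
            # [group:vars] lines are a single key=value pair.
            key, _, value = line.partition("=")
            pairs, subject = [(key, value)], section
        else:
            # Host lines: first token is the host, the rest are key=value.
            try:
                tokens = shlex.split(line)
            except ValueError:
                tokens = line.split()
            subject = tokens[0]
            pairs = [t.partition("=")[::2] for t in tokens[1:]]
        for key, value in pairs:
            if _is_plaintext(key, value):
                findings.append((lineno, state, subject, key.strip()))
    return findings

# Constructed samples mirroring the hosts file in step 1 and in step 4.
BEFORE = "[test]\n192.168.10.101 ansible_user=root ansible_ssh_pass='123456'\n"
AFTER = "[test]\n#192.168.10.101 ansible_user=root ansible_ssh_pass='123456'\n192.168.10.101\n"

if __name__ == "__main__":
    print(audit_inventory(BEFORE), audit_inventory(AFTER))
```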